Required CVE Record Information
Description
V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement.
References 6 Total
- exchange.xforce.ibmcloud.com: v3chat-index-path-disclosure(27395) vdb-entry
- securityfocus.com: 18543 vdb-entry
- securitytracker.com: 1016340 vdb-entry
- securityfocus.com: 20060617 V3Chat Instant Messenger - XSS mailing-list
- vupen.com: ADV-2006-2474 vdb-entry
- securityfocus.com: 20060622 Re: V3Chat Instant Messenger - XSS mailing-list
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 6 Total
- exchange.xforce.ibmcloud.com: v3chat-index-path-disclosure(27395) vdb-entryx_transferred
- securityfocus.com: 18543 vdb-entryx_transferred
- securitytracker.com: 1016340 vdb-entryx_transferred
- securityfocus.com: 20060617 V3Chat Instant Messenger - XSS mailing-listx_transferred
- vupen.com: ADV-2006-2474 vdb-entryx_transferred
- securityfocus.com: 20060622 Re: V3Chat Instant Messenger - XSS mailing-listx_transferred